
wordpad.exe virus [RESOLVED]

munky

Posted 16 September 2005 - 07:32 PM

Member

33 posts

eff! Also, when I start my comp. Firefox opens a window and cmd.exe opens up and runs all this stuff, then errors out b/c it says "administrator denies change to reg" or something. Here's my HJT log. Hope you can help.

---------------------------------
I uploaded the file you told me:

Service load: 0% 100%
File: sysmanager.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 e3740152efc9ecb7b7bb839a1fb9ccae
Packers detected: PE-CRYPT.ANTIDEB, UPX

Scanner results
AntiVir Found Worm/SdBot.aad.175
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Backdoor.SDBot.08D6C255
ClamAV Found nothing
Dr.Web Found Win32.HLLW.MyBot
F-Prot Antivirus Found nothing
Fortinet Found W32/SDBot.AAD-bdr
Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.aad
NOD32 Found a variant of IRC/SdBot
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Backdoor.Win32.SdBot.aad
--------------------------------------

greyknight17

Posted 18 September 2005 - 05:39 PM

Malware Expert

Visiting Consultant

16,560 posts

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure you downloaded, installed, updated and ran these programs (run in Safe Mode) already - Ad-aware, Spybot and Ewido. If you didn't, do them now. For more information, go to http://www.greyknigh...com/spyware.htm

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

sc stop SystemManager
sc delete SystemManager
del delete.bat

Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.

Go into HijackThis->Config->Misc Tools->Delete an NT service and type in SystemManager and hit OK.

Go to Start->Run and type in services.msc and hit OK. Then look for SystemManager and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
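An added example, not part of the original post: a variant of the delete.bat steps above that first records the service's configuration with sc qc, so the executable it points at can be located and scanned afterwards, and then confirms that the service is no longer registered. The service name is the one from the post; the log file name is an assumption.

```batch
@echo off
rem Added example, not from the thread. SystemManager is the service named in
rem the post above; service-removal.log is an assumed file name.
setlocal
set SVC=SystemManager
set LOG=%~dp0service-removal.log

rem 1. Record the service configuration, including BINARY_PATH_NAME, before
rem    removal. Once the service is deleted this information is gone.
>>"%LOG%" echo ==== %DATE% %TIME% : configuration before removal ====
sc qc %SVC% >>"%LOG%" 2>&1

rem 2. Stop and delete the service, as in the original batch file.
sc stop %SVC% >>"%LOG%" 2>&1
sc delete %SVC% >>"%LOG%" 2>&1

rem 3. Verify. sc exits with the Win32 error code, and 1060
rem    (ERROR_SERVICE_DOES_NOT_EXIST) means the service is no longer registered.
sc query %SVC% >nul 2>&1
if %ERRORLEVEL%==1060 (
    >>"%LOG%" echo %SVC% is no longer registered.
    echo OK: %SVC% removed. The recorded binary path is in "%LOG%".
) else (
    >>"%LOG%" echo %SVC% still present, sc query exit code %ERRORLEVEL%.
    echo WARNING: %SVC% is still registered. It may stay marked for deletion until reboot.
)
endlocal
```

If the warning appears after a reboot as well, the service is being re-created, which points to another component that still has to be removed.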

Posted 20 September 2005 - 11:14 AM

greyknight17

Posted 20 September 2005 - 05:52 PM

Create a dummy file and delete it. Empty it from the Recycle Bin. Does that fix it up? If not, try this:

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

greyknight17

Posted 21 September 2005 - 04:30 PM

munky

Posted 22 September 2005 - 01:04 PM

No, I don't see them. I did have RKLauncher on my comp.. and when I ran the mouse over the recycle bin it said 4 Items 1.91kB. And it shows the recycle bin as having something in it anyway.. and it'll ask if I'm sure I want to remove all the items.. but no, it does not show the files themselves.. also, I do have 'show hidden files' turned on.

munky

Posted 22 September 2005 - 09:13 PM

It said File Not Found.

Volume in drive C has no label.
Volume Serial Number is 744A-EE02

Directory of c:\recycler

I have a RECYCLER (all caps) in my c:\ folder.. that when I open it I see a recycle bin and all.. and if I go through it and empty it, it still does nothing.. Also, when I type it in cmd I get the same thing.